Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-3114: No authentication provider found is a DEBUG statement #3315

Closed
spring-projects-issues opened this issue Sep 27, 2015 · 1 comment
Closed
Assignees
Labels
in: core status: invalid type: jira

Comments

@spring-projects-issues
Copy link

@spring-projects-issues spring-projects-issues commented Sep 27, 2015

Brandon McCulligh (Migrated from SEC-3114) said:

I was seeing extremely odd behaviour in one of my applications while adding in a secure section where the application was calling my custom AuthenticationProvider service and authenticating but the app would loose the authentication information when I try to navigate to one of the secure areas. The app would get stuck in redirect loops after a successful login via my custom login page.

In the end this was caused by the framework not knowing about the Authentication Provider. After a long time of trying things such as managing the Authentication object in the session etc, I found out that this is logged as a 1 liner DEBUG statement.

This should at the minimal be logged as an ERROR or I'd argue even as far as a FATAL and throw a stack trace out. This was a hidden problem because the framework knew there wasn't an authentication provider yet I had security rules setup for authentication.

Just to clarify, this bug is to the change the visibility of this error statement. The fix of the actual problem was obviously add in the authentication provider so the framework is aware of it as well.

@spring-projects-issues spring-projects-issues added in: core Open type: bug type: jira labels Feb 5, 2016
@rwinch rwinch removed the Open label May 3, 2019
@marcusdacoregio marcusdacoregio self-assigned this Jun 16, 2021
@marcusdacoregio
Copy link
Contributor

@marcusdacoregio marcusdacoregio commented Jun 16, 2021

Thank you for your report. This is no longer an issue in the latest Spring Security.

Reviewing the code from ProviderManager class, there is not a DEBUG log in it anymore. Instead, what happens when there is not any AuthenticationProvider that supports the authentication method, an event is fired indicating that the authentication was not successful.

I am closing this as it is not valid anymore, but if someone wants to discuss its validity, we can reopen it.

@marcusdacoregio marcusdacoregio added status: invalid and removed type: bug labels Jun 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: core status: invalid type: jira
Projects
None yet
Development

No branches or pull requests

3 participants